Chinese language purchasing platform Pandabuy informed BleepingComputer it beforehand paid a a ransom demand to stop stolen knowledge from being leaked, solely for a similar risk actor to extort the corporate once more this week.
PandaBuy is a web-based platform that acts as an middleman between prospects and numerous Chinese language e-commerce web sites, together with Tmall, Taobao, and JD.com, which do not ship internationally.
The service permits customers to buy merchandise from these web sites, which are sometimes cheaper or have distinctive gadgets not obtainable elsewhere, and have them shipped to their location.
On March 31, 2024, a risk actor utilizing the alias ‘Sanggiero’ printed 3 million rows of information stolen from PandaBuy on BreachForums, exposing buyer names, cellphone numbers, electronic mail addresses, login IP addresses, residence addresses, and order particulars.
The risk actor claimed they managed to steal that knowledge by exploiting a number of vital vulnerabilities within the PandaBuy API.
This knowledge was shared with the info breach notification service Have I Been Pwned (HIBP), which added 1.35 million electronic mail addresses from this incident to its system.
On the time, Pandabuy opted to not make any public statements, and there have been even reviews of the agency trying to censor buyer reviews on Discord and Reddit.
New claims and denial
On June 3, 2024, the identical risk actor supplied to promote what he claimed was all the database he beforehand stole from Pandabuy for $40,000.
This database allegedly accommodates 17 million rows, indicating a a lot bigger knowledge set.
Sanggiero didn’t present proof of further buyer knowledge within the type of samples however uploaded screenshots exhibiting delicate worker data resembling emails and passwords.
.png "PandaBuy pays ransom to hacker solely to get extorted once more 1")
Supply: BleepingComputer
A Pandabuy spokesperson admitted to BleepingComputer that that they had paid the hacker an undisclosed quantity to cease the info leak, including that the risk actor might have shared the info with others, so they’d now not cooperate with him.
“At present, we cannot continue to pay the hacker fees due to the frozen funds, and the data he leaked is the same as the last one. We have confirmed with the technical department that all the loopholes have been fixed at the time of the first leak incident. And for all we know, he secretly sold our data to other agents after he made the deal with us. We can not cooperate with him in the future.“
❖ Pandabuy
BleepingComputer reached out to Sanggiero in regards to the firm’s assertion however has not heard again right now.
For now, it’s higher to take an abundance of warning and be looking out for unsolicited messages from individuals claiming to be Pandabuy, which can be a phishing try to collect further private nformation.
You probably have not beforehand reset your password at Pandabuy, it’s strongly suggested that you just achieve this now, in case further knowledge was stolen, because the risk actor claims.
